CVE-2020-7750

CRITICAL

MIT Scratch-svg-renderer - XSS

Title source: rule

Description

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.

Exploits (1)

exploitdb WORKING POC

by Stig Magnus Baugstø · textwebappsmultiple

https://www.exploit-db.com/exploits/50079

View Code ZIP pw:eip

References (2)

[Patch, Third Party Advisory] https://github.com/LLK/scratch-svg-renderer/commit/9ebf57588aa596c4fa3bb64209e10ade395aee90

[Third Party Advisory] https://snyk.io/vuln/SNYK-JS-SCRATCHSVGRENDERER-1020497

Scores

CVSS v3 9.6

EPSS 0.0618

EPSS Percentile 90.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-79

Status published

Products (2)

mit/scratch-svg-renderer 0.1.0 (24 CPE variants)

mit/scratch-svg-renderer 0.2.0 prerelease20180605154326 (26 CPE variants)

Published Oct 21, 2020

Tracked Since Feb 18, 2026